IDS mailing list archives

Re: Firewall-fooling techniques

From: Krzysztof Cabaj <zyzio248 () o2 pl>
Date: Mon, 24 Jan 2005 22:48:20 +0100

Hi,

I'm looking for some basic information on "techniques" on
"fooling" >firewalls 
and IDSs. Like using fragmented packages to fool packet-filtering
firewalls 
etc.. Any suggestions on such techniques, and perhaps some
references to 
online litterature.. ?

I think this is good begining ... maybe not recent, but for
beginning perfect.

T.H Ptacek, T.N. Newsham.: Insertion, Evasion, and Denial of
Service: Eluding Network Intrusion Detection, January 1998,
URL:http://citeseer.nj.nec.com/ptacek98insertion.html

And some for application layer
Whisker library for fooling IDS which look at HTTP traffic.
http://www.ussrback.com/docs/papers/IDS/whiskerids.html

Best regards,
Chris

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Current thread:

Firewall-fooling techniques Göran Sandahl (Jan 24)
- Re: Firewall-fooling techniques Jose Maria Lopez (Jan 24)
- <Possible follow-ups>
- Re: Firewall-fooling techniques Krzysztof Cabaj (Jan 24)
- Re: Firewall-fooling techniques Don Parker (Jan 25)